ToolsSoftwareBlogSupport

🔎Audits

At Smithii, fulfilling our objective to offer web3 digital solutions for everyone, we also dedicate all efforts to guarantee the security, legality, and integrity of the existing tools on the platform.

Based on this, two complete audits have been carried out by CoinFabrik, a company dedicated to performing this type of investigative work on contracts to detect potential vulnerabilities.

Both audits were conducted in May and June 2024, the first on Smithii's tools and the second on the Mantis Protocol on Solana. In each one, the following aspects were analyzed:

  • Arithmetic errors.

  • Outdated version of the Solidity compiler.

  • Race conditions.

  • Reentrancy attacks.

  • Misuse of block timestamps.

  • Denial of service attacks.

  • Excessive gas usage.

  • Lack or disuse of function qualifiers.

  • Unnecessary complication of the code and interactions with the contract.

  • Poor or non-existent error handling.

  • Insufficient validation of input parameters.

  • Incorrect handling of cryptographic signatures.

  • Centralization and upgradeability.

Also, Smithii Vesting Tool was recently audited by Halborn (April 2nd to 7th, 2025) and share their conclusions. In this case, they focus on:

  • Identify potential security vulnerabilities within the codebase.

  • Verify the correctness of the core token locking, vesting schedule calculations, and claiming logic.

  • Assess access control mechanisms ensuring only authorized parties can perform sensitive actions.

  • Evaluate the security of state management, including initialization, updates, and potential data inconsistencies.

  • Analyze the implementation and usage of Merkle proofs for claim verification.

  • Identify potential edge cases or logical flaws that could lead to unexpected behavior, denial of service, or irrecoverable fund lockups.

  • Assess adherence to Solana development best practices regarding security, resource management (rent and compute), and CPI handling.

Summary of the tools audit (CoinFabrik): One critical error and two high-priority findings were identified. All incidents were treated with the utmost diligence and have been completely corrected.

Summary of the Mantis audit (CoinFabrik): Two critical errors and one high-priority finding were identified. Similarly, all errors were resolved.

Summary of the vesting audit (Halborn): identified some improvements to reduce the likelihood and impact of multiple risks, which were mostly addressed by the Smithii team (in process).

These processes underscore our continuous commitment to security and the constant improvement of our platforms to offer the best possible experience to our users. In any case, Smithii remains at the forefront to provide the maximum possible transparency and will continue to offer its resources for future audits.

If you want to review the entire audit conducted by CoinFabrik or Halborn, you can do so at these links:

https://github.com/CoinFabrik/coinfabrik-audit-reports/blob/main/Mantis/05-2024-coinfabrik-smithii_project_audit.pdf

https://github.com/CoinFabrik/coinfabrik-audit-reports/blob/main/Mantis/06-2024-coinfabrik-smithii_mantis_protocol_audit.pdf https://www.halborn.com/audits/smithii/vesting-1ae001

PreviousOur VisionNextTools

Last updated